Hello!
I'm trying to use X.509 certificates, without success. The policy used is: Wssp1.2-Wss1.0-X509-Basic256. I want the client and the service to sign messages with their own private keys and encrypt the entire message with each other's public key. I think I chose a good security policy. Now, I'd like both end points to use their own X.509 certificates. How can I load them on WebLogic Server (Version: 10.3.5.0) and force it to use them? I'm looking for the easiest way. I'd like to store both certificates in the same location (where is a good place in WLS?) and assign them to the end points respectively. I don't want any external things, only WLS, to simulate the CA and keystore.

The demo keystore is only for testing purposes, for checking the functionality.
Demo Identity and Demo Trust: The demonstration identity and trust keystores, located in the BEA_HOME\server\lib directory and the JDK cacerts keystore, are configured by default. Use for development only.

I have one problem with the service identity. In the WSDL there is no BinarySecurityToken. I set the recommended configuration of my WSS (ServerBSTCredentialProvider, BinarySecurityTokenHandler) and I can't see any `<Identity />` inside `<service />` in the WSDL. I'm using "policy:Wssp1.2-Wss1.0-X509-Basic256.xml", so I expect the service to expose its public key and the client to send requests with the body automatically encrypted with this public key.

Edited by: 971669 on Nov 21, 2012 5:25 AM

I can resign from attaching the service public key in the WSDL. But I still want the client to encrypt its message body with the service's public key. The following code doesn't help.

The second issue was resolved by using the demoidentity.der certificate and the DemoIdentity key. I would like to only encrypt the request and response. How can I do that?

My current policy:
Wssp1.2-2007-Wss1.0-X509-Basic256.xml

and its description in Oracle Docs:
Mutual Authentication with X.509 Certificates. The message is signed and encrypted on both request and response. The algorithm of Basic256 should be used for both sides.

Edited by: 971669 on Nov 22, 2012 4:31 PM

I must use Protection Assertion Policies. Everything is OK. Thanks for your help!